One last thing ;-) use OpenLDAP! On 02/06/2009, John A. Sullivan III <[email protected]> wrote: > Hello, all. I'm afraid I've been dropped into the deep end even though > I am an Asterisk novice. I've set up a few tiny, tiny systems in the > past and have now been asked to pull together Asterisk, FreePBX, > Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. > > After googling and reading for most of the last 24 hours, I finally have > my head around the components and how they work but am a little stumped > by password synchronization using existing LDAP accounts. Maintaining > separate accounts with a shared database between Kamailio and Asterisk > seems quite reasonable. Integrating with the existing LDAP database > seems like much more of a challenge. > > I did find > http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html > and > http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ > very helpful. > > For security reasons, we keep internal UIDs different from public email > IDs. Thus, we might use john.doe internally and [email protected] for > email. Since it is a multi-tenant environment, I'd imagine we will use > the Kamailio domain module, make the SIP domain match the email domain, > and use the email user portion of the email address as the SIP ID. I > think this is straightforward using LDAP and Kamailio as we would query > LDAP for the email address and have return the password. > > Asterisk seems a little trickier. I've looked at the schema extensions > and it looks like we add an auxiliary objectclass of AstSIPUser. I > suppose we would add this objectclass to a structure inetOrgPerson > object. We could then use the email name for the AstAccountName (or > whatever the actual attribute is) but the password befuddles me. > > I notice we add an AstAccountRealmedPassword attribute. I suppose this > is because of the need to furnish SIP a hash derived from > username:realm:password. We would prefer our users only need to change > their passwords in one place. Is there anyway beside deploying > something like IPA to have Asterisk use the regular posix password > stored in LDAP rather than a separate AstAccountRealmedPassword? > > I'm looking forward to diving in; I just wish it was with a little less > time pressure! Thanks - John > -- > John A. Sullivan III > Open Source Development Corporation > +1 207-985-7880 > [email protected] > > http://www.spiritualoutreach.com > Making Christianity intelligible to secular society > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
